Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, or by whether a vulnerability is actively exploited (that is, on the CISA KEV list) or remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2016-5332

    Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors.

    Affected Products: vrealize_log_insight
    • EPSS Score: 0.41%
    • Published: Aug. 31, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2016-6195

    SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as ex...

    Affected Products: vbulletin
    • EPSS Score: 85.21%
    • Published: Aug. 30, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2016-7115

    Buffer overflow in the handle_packet function in mactelnet.c in the client in MAC-Telnet 0.4.3 and earlier allows remote TELNET servers to execute arbitrary code via a long string in an MT_CPTYPE_PASSSALT control packet.

    Affected Products: mac-telnet
    • EPSS Score: 1.06%
    • Published: Aug. 30, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2016-5344

    Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service or possibly have unspecified other ...

    Affected Products: android linux_kernel
    • EPSS Score: 0.25%
    • Published: Aug. 30, 2016
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2016-5342

    Heap-based buffer overflow in the wcnss_wlan_write function in drivers/net/wireless/wcnss/wcnss_wlan.c in the wcnss_wlan device driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other p...

    Affected Products: android linux_kernel
    • EPSS Score: 0.61%
    • Published: Aug. 30, 2016
    • Modified: Apr. 12, 2025
  • 5.9

    MEDIUM
    CVE-2016-0397

    WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.

    Affected Products: bigfix_platform bigfix_webreports
    • EPSS Score: 0.21%
    • Published: Aug. 30, 2016
    • Modified: Apr. 12, 2025
  • 5.5

    MEDIUM
    CVE-2016-0292

    WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows local users to discover the cleartext system password by reading a report.

    Affected Products: bigfix_platform bigfix
    • EPSS Score: 0.05%
    • Published: Aug. 30, 2016
    • Modified: Apr. 12, 2025
  • 6.1

    MEDIUM
    CVE-2016-5721

    Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

    Affected Products: zimbra_collaboration_server
    • EPSS Score: 0.41%
    • Published: Aug. 29, 2016
    • Modified: Apr. 12, 2025
  • 5.4

    MEDIUM
    CVE-2015-5399

    Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows remote authenticated users to inject arbitrary web script or HTML via a comment.

    Affected Products: phpvibe
    • EPSS Score: 0.13%
    • Published: Aug. 26, 2016
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2016-5683

    ReadyDesk 9.1 allows local users to determine cleartext SQL Server credentials by reading the SQL_Config.aspx file and decrypting data with a hardcoded key in the ReadyDesk.dll file.

    Affected Products: readydesk
    • EPSS Score: 0.08%
    • Published: Aug. 26, 2016
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2016-5664

    Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI.

    Affected Products: kiteworks kiteworks_appliance
    • EPSS Score: 0.48%
    • Published: Aug. 26, 2016
    • Modified: Apr. 12, 2025
  • 6.1

    MEDIUM
    CVE-2016-5663

    Multiple cross-site scripting (XSS) vulnerabilities in oauth_callback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the (1) code, (2) error, or (3) error_description parameter.

    Affected Products: kiteworks kiteworks_appliance
    • EPSS Score: 0.30%
    • Published: Aug. 26, 2016
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2016-5662

    Accellion Kiteworks appliances before kw2016.03.00 use setuid-root permissions for /opt/bin/cli, which allows local users to gain privileges via unspecified vectors.

    Affected Products: kiteworks kiteworks_appliance
    • EPSS Score: 0.03%
    • Published: Aug. 26, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2016-5050

    Unrestricted file upload vulnerability in chat/sendfile.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary code by uploading and requesting a .aspx file.

    Affected Products: readydesk
    • EPSS Score: 3.43%
    • Published: Aug. 26, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-5049

    Directory traversal vulnerability in chat/openattach.aspx in ReadyDesk 9.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the SESID parameter in conjunction with a filename in the FNAME parameter.

    Affected Products: readydesk
    • EPSS Score: 0.79%
    • Published: Aug. 26, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2016-5048

    SQL injection vulnerability in chat/staff/default.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary SQL commands via the user name field.

    Affected Products: readydesk
    • EPSS Score: 1.00%
    • Published: Aug. 26, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-4378

    The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) components in HPE XP P9000 Command View Advanced Edition Software before 8.4.1-00 and XP7 Command View Advanced...

    • EPSS Score: 0.79%
    • Published: Aug. 26, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-4270

    Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service...

    • EPSS Score: 5.72%
    • Published: Aug. 26, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-4269

    Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service...

    • EPSS Score: 5.72%
    • Published: Aug. 26, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-4268

    Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service...

    • EPSS Score: 5.72%
    • Published: Aug. 26, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291728 Results